Schneier on Security

Earlier, I blogged about airport and airline security. Now listen to a real security guru, Bruce Schneier’s Schneier on Security – “a collection of essays on security: on security technology, on security policy, on how security works in the real world.”

Schneier says:

1. Security is a trade-off. There’s no such thing as absolute security. Life entails risk, and all security involves trade-offs. We get security by giving something up: money, time, convenience, capabilities, liberties, etc. Sometimes we make these trade-offs consciously, and sometimes we make them unconsciously.

2. You are a security consumer. You get to make these trade-offs, whether they be personal, corporate, national, or whatever. “Is this security measure effective?” is not a good question. It’s much better to ask: “Is this a good trade-off?” These trade-offs are subjective.

3. Security is a system. People often think of security in terms of specific attacks and defenses. But it’s not that simple. Security is always part of a system, and that system is always more complex than the individual components.

4. Technology causes security imbalances. The thing about technology is that it changes trade-offs. It makes something cheaper, or more expensive; faster, or more time-consuming. Technological advances can make some attacks easier, or it can make some defenses easier.

Essay excerpt:

It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70% of knives, 30% of guns, and 60% of (fake) bombs. And recently, testers were able to smuggle bomb-making parts through airport security in 21 of 21 attempts. It makes you wonder why we’re all putting our laptops in a separate bin and taking off our shoes. (Although we should all be glad that Richard Reid wasn’t the “underwear bomber.”)

The failure to detect bomb-making parts is easier to understand. Break something into small enough parts, and it’s going to slip past the screeners pretty easily. The explosive material won’t show up on the metal detector, and the associated electronics can look benign when disassembled. This isn’t even a new problem. It’s widely believed that the Chechen women who blew up the two Russian planes in August 2004 probably smuggled their bombs aboard the planes in pieces.